I've been asked by a friend of my partner's to have a look at her computer (Windows), and make sure it's as clean as Windows can be.
The friend has a feeling that her ex has put a key-logger or something similar on to her computer, as the ex has regularly gained access to and taken control of various online accounts she has. Additionally, he seems to be able to get FAR too much information about what she's doing, where she's going and who she is talking to.

I feel that there's also a moderate amount of user-education to be done, regarding good passwords and the like.

I personally would like to just blow Windows away and give her a Linux install, but I haven't got the time to hand-hold through the learning of Linux.

Instead, I would like some suggestions for good boot-disks which will allow me to scan the Windows install and remove anything which shouldn't be there.
I already have Hiren's BootCD on a USB and am quite happy with the tools that I've used on it so far. However, I have mostly used it for hardware testing and Windows password resets, not for scanning for key-loggers and root-kits.
My current USB thumbdrive is bootable, and I can drop ISO files straight on to it, hack up a boot-menu config file and boot in to the ISO file as if it were a real CD, so CD-only bootdisks are fine for suggestions as well.

Much of the online stalking may be due to simple knowledge of user account details. The ex may well have been covertly collecting the victim's login details for some time before the actual breakup.

Your friend should change their passwords on all their online accounts, especially social networking.

Besides fixing the PC's OS, it is also worth checking through all the user accounts, deleting/deactivating any surprises and changing passwords on all the rest, but I would hope that has already been done.

Does your friend have a smartphone or other mobile device? These things can often also be tracked, for example if GPS (or other) geolocation is active and not made private, or of course if a covert tracking app is installed - and there are a good few of those about.

I'd just add, the "I'm sure my ex wouldn't have / couldn't have done that" is a sure sign that the ex has been misdirecting the victim, but is all too often taken the other way because that's what the victim wants to believe. In my experience, conquering that wanting to believe is more than half the battle.

And finally, the victim needs to methodically collect any and all evidence of stalking and/or harassment, both online and offline. Keep that dossier in a safe place such as a USB stick and back it up, say create a new Cloud storage account for the purpose. If the ex ever gets out of order, that dossier can and must be handed to the police and legal action started to keep the ex at bay. It all sounds a bit draconian, but believe me, ex-es can sometimes turn very, very nasty and if your victim doesn't protect themself now they risk a truly evil few years ahead.

"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H

He recently split with his boyfriend. He got home from work one night and was sat quietly in his flat when he heard a computer fan spin up. He went looking for the source and found his ex's old laptop hidden away under the sofa. When he opened it to see what it was doing (now here comes the scary part), it was streaming video footage of his bedroom. Turns out the camera had been hidden in a shoe box on top of his wardrobe.

Anyway back to your question.

If the couple have split, I assume the ex doesn't have physical access to the laptop any more, which raises the question: how is he getting the data?

on Windows or Linux to see the active TCP/UDP connections. If the key logger is communicating, you should see something suspect in the output.

As Guy points out, it is important to collect evidence for a successful prosecution. I'd also suggest taking a clone of the HDD to work on so you don't destroy any evidence on the original HDD. The police may require it for data forensics if your friend does seek a prosecution.
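An added example, not part of the original post: one way to triage a connection listing like the one the post above describes, grouping established TCP connections to non-local peers by owning process ID. It assumes the listing is Windows `netstat -ano` output (the post's own command is missing from the page, so that choice is an assumption); the sample text, addresses and PIDs are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2100
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.45:443       ESTABLISHED     3312
  TCP    192.168.1.20:49802     203.0.113.45:443       ESTABLISHED     3312
  TCP    192.168.1.20:49950     198.51.100.7:8080      ESTABLISHED     5120
  TCP    [::1]:49670            [::1]:5354             ESTABLISHED     2100
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Loopback, link-local and private ranges: peers here stay on the host or the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port  # drop brackets and any zone id

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or any(ip in net for net in LOCAL_NETS)

def external_connections(netstat_text):
    """Map PID -> sorted remote 'addr:port' for ESTABLISHED TCP to non-local peers."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have exactly: proto, local, foreign, state, pid.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(f[2])
        if not is_local(addr):
            by_pid[f[4]].add(f"{addr}:{port}")
    return {pid: sorted(peers) for pid, peers in by_pid.items()}

if __name__ == "__main__":
    for pid, peers in external_connections(SAMPLE).items():
        print(f"PID {pid}: {', '.join(peers)}")
```

Each PID in the result can then be matched to a process name (for example with `tasklist` on Windows) and checked against what the user knowingly runs; browsers and updaters will appear here too.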

Even after a good malware search, I'd still be strongly inclined to nuke and pave the OS - even if that meant wading through a Windows install & update-reboot-update cycle. It's the only way to be sure. The same goes for any other programmable, network-attached device.

After reading purplepenguin's story, I'd also consider sweeping the house with a current sensor.